If you're going to need the email address in the future, then you'll have to store them in plain text.

如果您将来需要电子邮件地址,那么您必须以纯文本格式存储它们。

You could encrypt them, of course, however, this is effectively security through obscurity in this case. Basically, if your application's perimeter is secure, your data within it can be plain text. Encrypting here adds complexity to you working with the data, but doesn't really stop an attacker from getting your raw data.

当然,您可以对它们进行加密,但是,在这种情况下,这通过默默无闻是有效的安全性。基本上,如果您的应用程序的边界是安全的,那么其中的数据可以是纯文本。此处的加密会增加您处理数据的复杂性,但并不能真正阻止攻击者获取原始数据。

As you say, if he gets through your perimeter defenses, he's likely to easily get your decryption key to decrypt the email data. Encryption may slow down the determined attacker slightly, but will not add any real security to your data.

正如你所说,如果他通过你的外围防御,他可能很容易获得你的解密密钥来解密电子邮件数据。加密可能会略微降低已确定的攻击者的速度,但不会为您的数据添加任何真正的安全性。

The best scenario is to hash the email address (with salt!) and store that. This allows you to check the email address against an input value (for example) and verify that the email address input is the same as what you have stored, of course, the major downside for this is that you can't know what the email address is without that additional value, so if you're wanting to (for example) regularly email your users, you'll be out of luck.

最好的方案是散列电子邮件地址(使用salt!)并存储它。这允许您根据输入值检查电子邮件地址(例如)并验证电子邮件地址输入是否与您存储的相同,当然,这样做的主要缺点是您无法知道电子邮件是什么地址没有附加价值,所以如果您想(例如)定期向您的用户发送电子邮件,那么您将失去运气。

I suspect you're storing the email address because it's useful data, and you will want to do something with it (like send an email :) in which case, encrypting just adds overhead to working with that data, whilst gaining very little in return.

我怀疑你是存储电子邮件地址,因为它是有用的数据,你会想要用它做一些事情(比如发送电子邮件:),在这种情况下,加密只会增加处理这些数据的开销,同时收益很少。

In this case, I would focus on securing access the database itself (i.e. your "perimeter" defenses) and ensure they are as strong as can be, whilst leaving the data in the database in plain text.

在这种情况下,我将专注于保护对数据库本身的访问(即您的“边界”防御)并确保它们尽可能强大,同时将数据保留在数据库中以纯文本形式存在。

Hopefully this answer will answer your question as well.

希望这个答案也能回答你的问题。

Is it worth encrypting email addresses in the database?

是否值得加密数据库中的电子邮件地址?

In short, no, it is not worth encrypting user email addresses. You're right in thinking that a database compromise will likely result in somebody also gaining access to the keys required to break your encryption.

简而言之,不,不值得加密用户电子邮件地址。您认为数据库泄露可能导致某人也可以访问破解加密所需的密钥,这是正确的。

In general I agree with others saying it's not worth the effort. However, I disagree that anyone who can access your database can probably also get your keys. That's certainly not true for SQL Injection, and may not be true for backup copies that are somehow lost or forgotten about. And I feel an email address is a personal detail, so I wouldn't care about spam but about the personal consequences when the addresses are revealed.

总的来说,我同意其他人说这不值得付出努力。但是,我不同意任何可以访问您的数据库的人都可能获得您的密钥。对于SQL注入来说肯定不是这样,对于以某种方式丢失或遗忘的备份副本可能不是这样。我觉得电子邮件地址是个人的细节,所以我不关心垃圾邮件,而是关注地址泄露时的个人后果。

Of course, when you're afraid of SQL Injection then you should make sure such injection is prohibited. And backup copies should be encrypted themselves.

当然,当你害怕SQL注入时,你应该确保禁止这样的注入。备份副本应自行加密。

Still, for some online communities the members might definitely not want others to know that they are a member (like related to mental healthcare, financial help, medical and sexual advice, adult entertainment, politics, ...). In those cases, storing as few personal details as possible and encrypting those that are required (note that database-level encryption does not prevent the details from showing using SQL Injection), might not be such a bad idea. Again: treat an email address as such personal detail.

但是,对于一些在线社区,成员可能绝对不希望其他人知道他们是会员(如与心理医疗保健,经济帮助,医疗和性咨询,成人娱乐,政治等有关)。在这些情况下,尽可能少地存储个人详细信息并加密所需的信息(请注意,数据库级加密不会阻止详细信息显示使用SQL注入),这可能不是一个坏主意。再次:将电子邮件地址视为此类个人详细信息。

For your entertainment site this is probably not the case, and you should focus on prohibiting SELECT * FROM through SQL Injection, and making sure visitors cannot somehow get to someone else's personal profile or order information by changing the URL.

对于您的娱乐网站,情况可能并非如此,您应该专注于通过SQL注入禁止SELECT * FROM,并确保访问者无法通过更改URL以某种方式获取其他人的个人资料或订购信息。

One of the most often-cited truisms in computer security is that the only truly secure computer is one buried in concrete, with the power turned off and the network cable cut.

计算机安全中最经常引用的一个问题是,唯一真正安全的计算机是埋在混凝土中的计算机,关闭电源并切断网络电缆。

With that in mind the best way to securely store email addresses? Dont store them at all!

考虑到这一点,安全存储电子邮件地址的最佳方法是什么?不要存储它们!

tl;dr Do you need their email address, or a way of sending them emails? Either trust someone who will do a better job than you or don't use the email address at all.

tl; dr您是否需要他们的电子邮件地址或向他们发送电子邮件的方式?要么信任能比你做得更好的人,要么完全不使用电子邮件地址。

Why do you need to keep a record of a customer's email address? The only reasons I have run into are:

为什么需要记录客户的电子邮件地址?我遇到的唯一原因是:

• Account confirmation & authentication

帐户确认和身份验证

• Transaction & Marketing emails

交易和营销电子邮件

Confirmation & Authentication

确认和认证

The core of what we want is two step authentication: Something they know and something they have. Something they know is a password, and is easy to prove since they will be the only one who knows it. Something they have is harder to prove and traditionally we use an email address since it is easy to verify. These days though there are other things we can use:

我们想要的核心是两步验证:他们知道的东西和他们拥有的东西。他们知道的东西是密码,很容易证明,因为他们是唯一知道密码的人。他们拥有的东西更难以证明,传统上我们使用电子邮件地址,因为它很容易验证。这些天我们可以使用其他东西:

• Mobile phone
• An account with a trusted website (Facebook, Google, Twitter)

拥有受信任网站的帐户(Facebook,Google,Twitter)

Mobile phone verification is simple. Send them a sms using a service like twilio.com and ask them to text back a confirmation code. We now know that the mobile belongs to the customer who wanted to register. With OpenID you can verify existing accounts with other trusted sites, and the confirmation process is handled by them.

手机验证很简单。使用twilio.com等服务向他们发送短信,并要求他们发回确认码。我们现在知道移动设备属于想要注册的客户。使用OpenID,您可以验证其他受信任站点的现有帐户,并由他们处理确认过程。

For the customer to authenticate then all they provide is either their mobile number and password, or an OpenID authentication token. Neither require a email address (well the OpenID provider might but thats not your responsibility).

对于客户进行身份验证,他们提供的只是他们的手机号码和密码,或者是OpenID身份验证令牌。既不需要电子邮件地址(OpenID提供商也可能,但这不是您的责任)。

If these are not an option then you can still confirm an email address and then use it for authentication. Confirmation only requires a unique token to be stored and a link to be sent to the email address. Store a salted hash of the email address, and use that to match the account in the same way we do passwords.

如果这些不是一个选项,那么您仍然可以确认一个电子邮件地址,然后使用它进行身份验证。确认仅需要存储唯一令牌以及要发送到电子邮件地址的链接。存储电子邮件地址的盐渍哈希值,并使用该哈希值以与我们密码相同的方式匹配帐户。

Transaction & Marketing Emails

交易和营销电子邮件

The real reason why we want to store the email address! So we can send them offers of stuff we think they need so they can delete it without reading it. Seriously though is email the best medium for this? If we have an OpenID account then why not use that for notifications? Send a Facebook message or write on their wall, @mention them on Twitter, send a text message to their mobile, build an app and push notifications at them. There are so many channels much more effective than email.

我们想要存储电子邮件地址的真正原因!所以我们可以向他们发送我们认为他们需要的东西,以便他们可以删除它而不需要阅读它。说真的,电子邮件是最好的媒介吗?如果我们有一个OpenID帐户,那么为什么不将它用于通知呢?发送Facebook消息或在他们的墙上写,@在Twitter上发送消息,向他们的手机发送短信,构建应用并向他们推送通知。有太多频道比电子邮件更有效。

If you want to use email then use a email platform like Mandrill and MailChimp. When they register create a subscriber in a mailing list on MailChimp. Store the subscriber id with the account. For transaction emails ( reset password, account updates ) fetch the subscriber and pass the stored email to Mandrill to send the email. For mass marketing just send to the mailing list in MailChimp.

如果您想使用电子邮件,请使用Mandrill和MailChimp等电子邮件平台。当他们注册时,在MailChimp的邮件列表中创建订阅者。将订户ID存储在帐户中。对于交易电子邮件(重置密码,帐户更新),获取订阅者并将存储的电子邮件传递给Mandrill以发送电子邮件。对于大众营销,只需发送到MailChimp的邮件列表。

The only thing stored in the database is the subscriber id. It also gives all the benefits of using a email platform, unsubscribes, open and click through rates, e-commerce tracking etc. Email platforms will do a better job of delivering emails that you. They will also do a better job at protecting the privacy of their data than you. Let them do the hard work of database security so you can focus on getting more customers.

存储在数据库中的唯一内容是订户ID。它还提供了使用电子邮件平台,取消订阅,打开和点击率,电子商务跟踪等所有好处。电子邮件平台可以更好地为您发送电子邮件。与您相比,他们在保护数据隐私方面也会做得更好。让他们完成数据库安全的艰苦工作,这样您就可以专注于吸引更多客户。

I think that when people can come in your database you are anyway screwed :)

我认为,当人们可以进入你的数据库时你无论如何都搞砸了:)

It doesn't make a lot of sense to just encrypt your email addresses. Beside that there will be a lot of other information in your database that you would not like to be gathered, the decryption key will be indeed within reach at the same time your database is open.

仅加密您的电子邮件地址并没有多大意义。除此之外,您不希望收集数据库中的许多其他信息,在您的数据库打开的同时,解密密钥确实可以实现。

I would like to suggest to find your layer of security and data integrity on a higher level. So the prevention of people entering your database.

我想建议在更高层次上找到您的安全和数据完整性层。所以防止人们进入你的数据库。

And why would email addresses be so important? Most people will anyway get spam or their email addresses will otherwise be available somewhere on the web.

为什么电子邮件地址如此重要?无论如何,大多数人都会收到垃圾邮件,否则他们的电子邮件地址将在网络上的某个地方提供。

Depends on how often you access the addresses. If you read them once in a while, it might make sense, but this would be one of the last security issues I would spend time on.

取决于您访问地址的频率。如果你偶尔阅读它们,它可能有意义,但这将是我花时间的最后一个安全问题之一。

I do not encrypt user e-mails. The point is to protect the database; the keys are accessible anyway if you actually want to use the e-mails once they are stored.

我不加密用户电子邮件。重点是保护数据库;如果您确实想在存储电子邮件后使用电子邮件,则无论如何都可以访问密钥。

Do check the address for validity and possible SQL injection, though.

但是,请检查地址的有效性和可能的​​SQL注入。

If the application server and database are on separate servers, it would generally increase security to have all or parts of the database encrypted.

如果应用程序服务器和数据库位于不同的服务器上,则通常会增加安全性以使数据库的全部或部分加密。

Even if they are on the same machine, a hacker may not figure out where your password is stored (although I wouldn't rely on that).

即使他们在同一台机器上,黑客也可能无法确定您的密码存储位置(尽管我不会依赖它)。

I generally wouldn't encrypt the emails at the application level, instead relying on database-wide encryption offered by most enterprise databases.

我通常不会在应用程序级别加密电子邮件,而是依赖大多数企业数据库提供的数据库范围的加密。

Of course if you're using something like MySQL, then you have no choice but to do it at the application level.

当然,如果您使用的是MySQL,那么您别无选择,只能在应用程序级别执行此操作。

I normally tell my clients it isn't worth the trouble encrypting a database, however if you have stricter privacy requirements it may make sense to do so.

我通常告诉我的客户加密数据库是不值得的,但是如果你有更严格的隐私要求,这样做可能是有意义的。

Encrypting database content is always a tricky consideration. Clearly the content is useless unless it can be unencrypted, and if that has to happen without human intervention, then you're storing both the cyphertext AND the key somewhere. If that somewhere is on the same machine, then one might wonder why you even bothered.

加密数据库内容始终是一个棘手的考虑因素。很明显,除非可以不加密,否则内容是无用的,如果必须在没有人为干预的情况下发生,那么你将把密文和密钥存储在某处。如果那个地方在同一台机器上,那么人们可能会想知道为什么你甚至会烦恼。

Well, there's a few reasons why you might want to do this. One is because you're required to do so because of some company policy. Another is that perhaps your database is housed in a more hostile environment than that machine that accesses it.

好吧,有几个原因你可能想要这样做。一个原因是因为某些公司政策要求你这样做。另一个原因是,您的数据库可能位于比访问它的机器更恶劣的环境中。

In general, encrypting database content isn't going to win you any awards, but if you can justify it, then you clearly have at least some motivation to do so.

一般来说,加密数据库内容并不会赢得任何奖项,但如果你可以证明这一点,那么你显然至少有一些动机去做。

yeah could be helpful for the user if you hash it with salt. I had a code before which i used that I use salt and hash then I can decrypt it. Flow is that once user will register you then hash and salt (encryption process) it. Then if you need to fetch the encrypted data there will be decryption.

是的,如果你用盐哈希它可能对用户有帮助。我有一个代码,在此之前我使用salt和hash然后我可以解密它。流是一旦用户注册你然后哈希和盐(加密过程)它。然后,如果您需要获取加密数据,则会进行解密。